Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/4a9224-37d4-4b23-a427-271362e3f25a/1/lJDNUrJ4xz-DXrffyb8QGa4k5wk.roa
File:                     lJDNUrJ4xz-DXrffyb8QGa4k5wk.roa (raw, json)
Hash identifier:          RB/cW5C7WerYL2esjGHcYo9Tn+Vh9lAn74qy/H/M1uk=
Subject key identifier:   94:90:CD:52:B2:78:C7:3F:83:5E:B7:DF:C9:BF:10:19:AE:24:E7:09
Certificate issuer:       /CN=ef31a054fc9fb4b147e8a98bda7e71c81af0bcfd
Certificate serial:       018CC4937CFABB06103414F717FBBC2BD0A3
Authority key identifier: EF:31:A0:54:FC:9F:B4:B1:47:E8:A9:8B:DA:7E:71:C8:1A:F0:BC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7zGgVPyftLFH6KmL2n5xyBrwvP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/4a9224-37d4-4b23-a427-271362e3f25a/1/lJDNUrJ4xz-DXrffyb8QGa4k5wk.roa
Signing time:             Mon 01 Jan 2024 10:30:49 +0000
ROA not before:           Mon 01 Jan 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31451
IP address blocks:        2001:67c:1550::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/4a9224-37d4-4b23-a427-271362e3f25a/1/7zGgVPyftLFH6KmL2n5xyBrwvP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/4a9224-37d4-4b23-a427-271362e3f25a/1/7zGgVPyftLFH6KmL2n5xyBrwvP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7zGgVPyftLFH6KmL2n5xyBrwvP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 01:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7c:fa:bb:06:10:34:14:f7:17:fb:bc:2b:d0:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef31a054fc9fb4b147e8a98bda7e71c81af0bcfd
        Validity
            Not Before: Jan  1 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9490cd52b278c73f835eb7dfc9bf1019ae24e709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:af:7f:1f:1d:7f:1d:10:bd:1b:21:34:cd:ba:
                    c1:28:53:8d:bd:1e:c2:6b:6c:c8:ba:93:fb:9e:20:
                    c8:1d:4f:b3:69:4e:20:ab:95:18:64:e3:4f:2f:09:
                    74:e7:07:cd:ad:3f:a9:2d:bc:30:57:4f:7b:3e:30:
                    59:1c:96:d8:8a:6e:44:9e:5d:43:b6:ca:9e:66:07:
                    6c:8b:3b:35:4d:d2:55:5b:a3:0b:44:74:cc:de:45:
                    20:39:05:95:a4:b5:52:9f:ea:5c:35:31:32:c0:65:
                    b8:2d:08:02:d6:2e:35:fb:9e:9e:da:53:44:bf:0c:
                    90:56:76:66:58:9c:35:d2:36:ad:71:66:61:2c:1d:
                    fc:61:9c:3a:2f:f7:fc:27:cc:0d:7e:67:80:c3:31:
                    e9:32:44:dd:01:12:2e:45:16:ac:ec:bc:d8:9a:e7:
                    92:44:62:87:88:7f:fe:9f:90:59:f9:b2:53:20:6f:
                    32:b8:36:83:1f:16:fe:20:1b:86:98:5c:e5:d7:13:
                    73:e3:08:31:64:3d:23:31:b1:11:18:3b:20:e6:8a:
                    1d:ed:b8:2c:ee:11:70:d8:15:eb:e6:2c:b8:61:2e:
                    5e:0a:61:7d:85:6d:66:65:c1:62:a9:07:5d:ac:b6:
                    fd:58:ec:94:b7:74:5f:bf:c3:d4:36:2e:82:be:9b:
                    09:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:90:CD:52:B2:78:C7:3F:83:5E:B7:DF:C9:BF:10:19:AE:24:E7:09
            X509v3 Authority Key Identifier:
                keyid:EF:31:A0:54:FC:9F:B4:B1:47:E8:A9:8B:DA:7E:71:C8:1A:F0:BC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7zGgVPyftLFH6KmL2n5xyBrwvP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/4a9224-37d4-4b23-a427-271362e3f25a/1/lJDNUrJ4xz-DXrffyb8QGa4k5wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/4a9224-37d4-4b23-a427-271362e3f25a/1/7zGgVPyftLFH6KmL2n5xyBrwvP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1550::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:75:4e:87:f1:7b:71:f6:93:18:03:e3:ca:e7:03:57:f8:d9:
         d0:6b:95:26:b6:8e:5f:e4:27:5c:fa:55:74:58:49:2a:bb:da:
         2f:fc:1e:1f:86:69:f7:6f:2b:4f:f0:31:81:3e:25:c7:31:72:
         fd:cd:a8:91:00:b3:b7:a8:6a:a8:8b:0c:8b:f2:0a:01:55:ee:
         e1:48:5e:6a:d3:2b:d7:9b:0c:b0:d3:e6:bb:dc:f1:d8:0d:b9:
         d9:fd:51:8d:70:0d:5e:96:eb:78:0d:07:55:6d:70:e0:b2:87:
         20:d8:2b:8b:3f:be:24:3b:35:57:aa:fc:fe:04:d5:99:7c:79:
         04:80:de:a0:ee:85:a1:30:66:de:52:4b:ad:c8:5a:d3:c8:37:
         62:43:5e:b1:0b:06:0e:16:52:d6:e0:93:d7:7c:59:8c:61:e5:
         5d:97:45:81:22:6c:a5:e9:ea:4a:74:7e:69:59:b3:35:90:8f:
         c3:d5:0c:3e:8e:ab:e7:3f:10:cd:5e:f6:bb:5f:0b:aa:f8:69:
         89:88:65:cb:f9:24:ab:99:89:d2:c4:8d:6d:c1:1a:4a:6c:3a:
         9c:49:81:16:25:41:4c:15:69:76:11:42:a0:da:b8:ff:64:9f:
         05:0e:a5:90:55:52:87:57:64:2f:f0:90:2d:2e:d5:6f:77:0e:
         ca:af:19:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3z6uwYQNBT3F/u8K9CjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMzFhMDU0ZmM5ZmI0YjE0N2U4YTk4YmRhN2U3MWM4MWFm
MGJjZmQwHhcNMjQwMTAxMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDkwY2Q1MmIyNzhjNzNmODM1ZWI3ZGZjOWJmMTAxOWFlMjRlNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl69/Hx1/HRC9GyE0zbrBKFONvR7C
a2zIupP7niDIHU+zaU4gq5UYZONPLwl05wfNrT+pLbwwV097PjBZHJbYim5Enl1D
tsqeZgdsizs1TdJVW6MLRHTM3kUgOQWVpLVSn+pcNTEywGW4LQgC1i41+56e2lNE
vwyQVnZmWJw10jatcWZhLB38YZw6L/f8J8wNfmeAwzHpMkTdARIuRRas7LzYmueS
RGKHiH/+n5BZ+bJTIG8yuDaDHxb+IBuGmFzl1xNz4wgxZD0jMbERGDsg5ood7bgs
7hFw2BXr5iy4YS5eCmF9hW1mZcFiqQddrLb9WOyUt3Rfv8PUNi6CvpsJoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJSQzVKyeMc/g16338m/EBmuJOcJMB8GA1UdIwQY
MBaAFO8xoFT8n7SxR+ipi9p+ccga8Lz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3pHZ1ZQeWZ0TEZINkttTDJuNXh5QnJ3dlAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80YTkyMjQtMzdkNC00YjIzLWE0Mjct
MjcxMzYyZTNmMjVhLzEvbEpETlVySjR4ei1EWHJmZnliOFFHYTRrNXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80YTkyMjQtMzdkNC00YjIzLWE0MjctMjcxMzYyZTNmMjVh
LzEvN3pHZ1ZQeWZ0TEZINkttTDJuNXh5QnJ3dlAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBVQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB+dU6H8Xtx9pMYA+PK5wNX+NnQa5Umto5f5Cdc
+lV0WEkqu9ov/B4fhmn3bytP8DGBPiXHMXL9zaiRALO3qGqoiwyL8goBVe7hSF5q
0yvXmwyw0+a73PHYDbnZ/VGNcA1elut4DQdVbXDgsocg2CuLP74kOzVXqvz+BNWZ
fHkEgN6g7oWhMGbeUkutyFrTyDdiQ16xCwYOFlLW4JPXfFmMYeVdl0WBImyl6epK
dH5pWbM1kI/D1Qw+jqvnPxDNXva7Xwuq+GmJiGXL+SSrmYnSxI1twRpKbDqcSYEW
JUFMFWl2EUKg2rj/ZJ8FDqWQVVKHV2Qv8JAtLtVvdw7KrxmW
-----END CERTIFICATE-----